Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-43306

virt-who not accepting the fips

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Normal Normal
    • None
    • None
    • virt-who
    • None
    • None
    • None
    • rhel-sst-csi-client-tools
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      FIPS-enabled Satellite 6.11 on RHEL8

      Version-Release number of selected component (if applicable):

      python3-suds-0.7-0.11.94664ddd46a6.el8.noarch
      virt-who-1.30.12-3.el8_7.noarch
      kernel-modules-4.18.0-372.19.1.el8_6.x86_64
      kernel-4.18.0-372.19.1.el8_6.x86_64
      kernel-modules-4.18.0-425.10.1.el8_7.x86_64
      kernel-tools-libs-4.18.0-425.10.1.el8_7.x86_64
      kernel-4.18.0-425.10.1.el8_7.x86_64
      kernel-modules-4.18.0-425.3.1.el8.x86_64
      kernel-core-4.18.0-425.10.1.el8_7.x86_64
      kernel-core-4.18.0-425.3.1.el8.x86_64
      kernel-4.18.0-425.3.1.el8.x86_64
      kernel-tools-4.18.0-425.10.1.el8_7.x86_64
      kernel-core-4.18.0-372.19.1.el8_6.x86_64

      How reproducible:

      FIPS is accepted by the installer.

      1. satellite-installer -S satellite returned no error.

      The satellite is up and running only virt-who is not working.

      Steps to Reproduce:

      ~~~
      [virt-who-config-4]
      type=hyperv
      hypervisor_id=hostname
      owner=xxxx

      server=https://xxxxxx:5986/wsman
      username=xxxxxxxxxxxxxx
      encrypted_password=e3sjdh8abfb2a2a7162f750799e9ccb9429a
      rhsm_hostname=xxxxx.xxx.xxx
      rhsm_username=virt_who_reporter_4
      rhsm_encrypted_password=a84d9b822414fbe410a7312990f155bdcc94c3a3c5dc440a8ddc8de47260c0c0
      rhsm_prefix=/rhsm
      ~~~

      Actual results:

      2023-02-13 07:40:31,197 [virtwho.main ERROR] MainProcess(977233):Thread-2 @virt.py:run:421 - Thread 'virt-who-config-4' fails with exception:
      Traceback (most recent call last):
      File "/usr/lib/python3.6/site-packages/virtwho/virt/virt.py", line 412, in run
      self._run()
      File "/usr/lib/python3.6/site-packages/virtwho/virt/virt.py", line 367, in _run
      data_to_send = self._get_data()
      File "/usr/lib/python3.6/site-packages/virtwho/virt/virt.py", line 980, in _get_data
      return self._get_report()
      File "/usr/lib/python3.6/site-packages/virtwho/virt/virt.py", line 968, in _get_report
      return HostGuestAssociationReport(self.config, self.getHostGuestMapping())
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/hyperv.py", line 561, in getHostGuestMapping
      "root/virtualization")
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/hyperv.py", line 417, in Enumerate
      body = self.post(data)
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/hyperv.py", line 380, in post
      response = self.connection.post(self.url, body, headers=headers)
      File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 581, in post
      return self.request('POST', url, data=data, json=json, **kwargs)
      File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 533, in request
      resp = self.send(prep, **send_kwargs)
      File "/usr/lib/python3.6/site-packages/requests/sessions.py", line 653, in send
      r = dispatch_hook('response', hooks, r, **kwargs)
      File "/usr/lib/python3.6/site-packages/requests/hooks.py", line 31, in dispatch_hook
      _hook_data = hook(hook_data, **kwargs)
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/hyperv.py", line 238, in handle_response
      return self.retry_ntlm_negotiate(response, **kwargs)
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/hyperv.py", line 129, in retry_ntlm_negotiate
      return self.retry_ntlm_authenticate(r, **kwargs)
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/hyperv.py", line 141, in retry_ntlm_authenticate
      negotiate = base64.b64encode(self.ntlm.authentication_message(base64.b64decode(challenge), self.password))
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/ntlm.py", line 527, in authentication_message
      challenge.negotiate_flags)
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/ntlm.py", line 391, in _init_
      self._compute_encryption_data()
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/ntlm.py", line 399, in _compute_encryption_data
      response_key_nt = response_key_lm = ntowfv2(self.password, self.username, self.domain)
      File "/usr/lib/python3.6/site-packages/virtwho/virt/hyperv/ntlm.py", line 98, in ntowfv2
      key=hashlib.new('md4', passwd.encode('utf-16le')).digest(),
      File "/usr/lib64/python3.6/hashlib.py", line 179, in __hash_new
      name, data, usedforsecurity=usedforsecurity)
      ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

      Expected results:

      Additional info:

      sosreport and details are on the case that is attached

              jira-bugzilla-migration RH Bugzilla Integration
              jira-bugzilla-migration RH Bugzilla Integration
              yanping liu yanping liu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: